pulumi-aws-kotlin/com.pulumi.aws.fms.kotlin/PolicyArgs

PolicyArgs

data class PolicyArgs(val deleteAllPolicyResources: Output<Boolean>? = null, val deleteUnusedFmManagedResources: Output<Boolean>? = null, val description: Output<String>? = null, val excludeMap: Output<PolicyExcludeMapArgs>? = null, val excludeResourceTags: Output<Boolean>? = null, val includeMap: Output<PolicyIncludeMapArgs>? = null, val name: Output<String>? = null, val remediationEnabled: Output<Boolean>? = null, val resourceTags: Output<Map<String, String>>? = null, val resourceType: Output<String>? = null, val resourceTypeLists: Output<List<String>>? = null, val securityServicePolicyData: Output<PolicySecurityServicePolicyDataArgs>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<PolicyArgs>

Provides a resource to create an AWS Firewall Manager policy. You need to be using AWS organizations and have enabled the Firewall Manager administrator account.

NOTE: Due to limitations with testing, we provide it as best effort. If you find it useful, and have the ability to help test or notice issues, consider reaching out to us on GitHub.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.RuleGroup;
import com.pulumi.aws.wafregional.RuleGroupArgs;
import com.pulumi.aws.fms.Policy;
import com.pulumi.aws.fms.PolicyArgs;
import com.pulumi.aws.fms.inputs.PolicySecurityServicePolicyDataArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleRuleGroup = new RuleGroup("exampleRuleGroup", RuleGroupArgs.builder()
            .metricName("WAFRuleGroupExample")
            .build());
        var examplePolicy = new Policy("examplePolicy", PolicyArgs.builder()
            .excludeResourceTags(false)
            .remediationEnabled(false)
            .resourceType("AWS::ElasticLoadBalancingV2::LoadBalancer")
            .securityServicePolicyData(PolicySecurityServicePolicyDataArgs.builder()
                .type("WAF")
                .managedServiceData(exampleRuleGroup.id().applyValue(id -> serializeJson(
                    jsonObject(
                        jsonProperty("type", "WAF"),
                        jsonProperty("ruleGroups", jsonArray(jsonObject(
                            jsonProperty("id", id),
                            jsonProperty("overrideAction", jsonObject(
                                jsonProperty("type", "COUNT")
                            ))
                        ))),
                        jsonProperty("defaultAction", jsonObject(
                            jsonProperty("type", "BLOCK")
                        )),
                        jsonProperty("overrideCustomerWebACLAssociation", false)
                    ))))
                .build())
            .tags(Map.of("Name", "example-fms-policy"))
            .build());
    }
}
Content copied to clipboard

Import

Using pulumi import, import Firewall Manager policies using the policy ID. For example:

$ pulumi import aws:fms/policy:Policy example 5be49585-a7e3-4c49-dde1-a179fe4a619a
Content copied to clipboard

Constructors

Link copied to clipboard
fun PolicyArgs(deleteAllPolicyResources: Output<Boolean>? = null, deleteUnusedFmManagedResources: Output<Boolean>? = null, description: Output<String>? = null, excludeMap: Output<PolicyExcludeMapArgs>? = null, excludeResourceTags: Output<Boolean>? = null, includeMap: Output<PolicyIncludeMapArgs>? = null, name: Output<String>? = null, remediationEnabled: Output<Boolean>? = null, resourceTags: Output<Map<String, String>>? = null, resourceType: Output<String>? = null, resourceTypeLists: Output<List<String>>? = null, securityServicePolicyData: Output<PolicySecurityServicePolicyDataArgs>? = null, tags: Output<Map<String, String>>? = null)

Functions

Link copied to clipboard
open override fun toJava(): PolicyArgs

Properties

Link copied to clipboard
val deleteAllPolicyResources: Output<Boolean>? = null

If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy

Link copied to clipboard
val deleteUnusedFmManagedResources: Output<Boolean>? = null

If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents

Link copied to clipboard
val description: Output<String>? = null

The description of the AWS Network Firewall firewall policy.

Link copied to clipboard
val excludeMap: Output<PolicyExcludeMapArgs>? = null

A map of lists of accounts and OU's to exclude from the policy.

Link copied to clipboard
val excludeResourceTags: Output<Boolean>? = null

A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.

Link copied to clipboard
val includeMap: Output<PolicyIncludeMapArgs>? = null

A map of lists of accounts and OU's to include in the policy.

Link copied to clipboard
val name: Output<String>? = null

The friendly name of the AWS Firewall Manager Policy.

Link copied to clipboard
val remediationEnabled: Output<Boolean>? = null

A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.

Link copied to clipboard
val resourceTags: Output<Map<String, String>>? = null

A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.

Link copied to clipboard
val resourceType: Output<String>? = null

A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.

Link copied to clipboard
val resourceTypeLists: Output<List<String>>? = null

A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.

Link copied to clipboard
val securityServicePolicyData: Output<PolicySecurityServicePolicyDataArgs>? = null

The objects to include in Security Service Policy Data. Documented below.

Link copied to clipboard
val tags: Output<Map<String, String>>? = null

Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level